XAOS CMS SQL Injection

2010-07-26T00:00:00
ID PACKETSTORM:92172
Type packetstorm
Reporter H-SK33PY
Modified 2010-07-26T00:00:00

Description

                                        
                                            `# Exploit Title: XAOS CMS SQL Injection Vulnerability   
# Date: 25/07/2010   
# Author: H-SK33PY   
# Software Link: http://www.xaos.it/  
# Version: N/A  
# Google dork : Powered by XAOS systems  
# Platform / Tested on: linux  
# Category: webapplications  
# Code : [SQLi] & [BSQLi]  
  
  
010101010101010101010101010101010101010101010101010101010   
0 0  
1 Iranian Datacoders Security Team 2010  
0 0  
010101010101010101010101010101010101010101010101010101010  
  
#BUG:#########################################################################  
  
After find bug on the sites , run this :  
  
http://site.com/index.php?m=1[SQLi]  
  
If you can not inject run Blind SQL Injection  
  
http://site.com/index.php?m=1[BSQLi]  
  
  
  
#############################################################################  
Website : http://www.datacoders.ir  
  
Special Thanks to : ccC0d3rZzz & all iranian datacoders members  
  
#############################################################################  
  
`